To:
"Scott Rose" <scottr@antd.nist.gov>
Cc:
<Ted.Lindgreen@tednet.nl>, "Dan Massey" <masseyd@isi.edu>, "Jakob Schlyter" <jakob@crt.se>, "Miek Gieben" <miekg@nlnetlabs.nl>, <dnssec@cafax.se>
From:
Simon Josefsson <simon+dnssec@josefsson.org>
Date:
20 Apr 2001 15:41:16 +0200
In-Reply-To:
<004a01c0c99c$05cd5dc0$b9370681@antd.nist.gov> ("Scott Rose"'s message of "Fri, 20 Apr 2001 09:15:50 -0400")
Sender:
owner-dnssec@cafax.se
User-Agent:
Gnus/5.090003 (Oort Gnus v0.03) Emacs/21.0.102
Subject:
Re: Keys at apex problem - New PUBKEY RR?
"Scott Rose" <scottr@antd.nist.gov> writes: > against: > 1. Already deployed for certificates, not just keys (violating the intended > use of the CERT RR). Since CRLs (definitely not the same thing as certificates) are already allowed in CERT RR's I think the CERT RR document itself shows that the intent wasn't to restrict itself to only certificates, but rather a fussy security-related-information type of RR. Are any of the authors here to provide some insight? > 2. Have to modify existing DNS implementations and other apps that use KEY > queries. They probably have to modified anyway if the problem discussed in this thread needs to be solved. > Since Dan and I are just "editors" and cannot make any changes without > concensus, if the WG things option 3 is the way to go, I'm all for it. <aol>Me too.</aol>